Gentoo-keys a project to manage, update, and validate Gentoo developer and release keys used for Gentoo projects and release media.

Gentoo-keys is a Python based project that will wrap the pyGPG python interface libs to gnupg's gpg command. Its main focus is to manage the installation of the required gpg keys used for Gentoo's release media. Such media includes installation CDs, LiveDVDs, and other gpg-signed documents such as layman's repositories.xml list. It will likely also be used on Gentoo's infra servers for tasks related to the Gentoo ebuild tree migration to git. It will be used as part of the gpg-signed git commits validation. As such will have functions dedicated to authenticating commits made by developers.

Use the source, Luke

While most Linux distributions distribute a complete binary keyring for their authenticating. It is generally not the Gentoo way. Binary files do not play well with utilities like etc-update and dispatch-config. Also one system/user might need only a few keys, another might need a full set of developer keys + the release media keys. So to that end, gentoo-keys, aims to distribute it's utility app gkeys which will be used to import the desired gpg keys into the appropriate keyrings from information contained in "seed" files. The seed files will contain information like name, keyid, longkey-id, fingerprint. From that information, it will run gpg to import the key from a keyserver and validate that the key matches the expected fingerprint from the seed. It will have options to add, delete, update keys. It will have library classes, functions to be used in other python based apps like layman to validate a gpg signed repositories.xml list. Another is the git commit hooks that will be used to validate developer commits to a new git based ebuild tree.

TODO

Extend pyGPG's data mining functions to parse stdout output for gpg --list-key, --list-keys since gpg does not output any info to it's --status-fd which is normally used for data gathering by pyGPG. This is needed as part of the key import and validation functions of gkeys.